This discussion is archived
14 Replies Latest reply: Mar 27, 2013 6:10 PM by jrimblas RSS

controlling authorization flow

Gor_Mahia Explorer
Currently Being Moderated
All,

i have my login page and ive 2 user groups but i want page1 to be the startup page after login for users in group1; page2 to be the startup page for users in group2. ie if i belong to group1 and i login i should be directed to page1 otherwise i should see page2 .what is the best way to implement this requirement?

thanks & regards,
  • 1. Re: controlling authorization flow
    scott.wesley Guru
    Currently Being Moderated
    Probably a number of ways.

    You could have on-load branches on your landing page that are conditional based on user group.
  • 2. Re: controlling authorization flow
    jrimblas Expert
    Currently Being Moderated
    I would recommend you go with the "Post-Authentication Procedure".

    You create a procedure that checks your users group and determines the page and then redirects to that page.
    Kinda like this:
    procedure post_proc
    is
    begin
    if v('APP_USER') = 'SPECIAL_USER' then
      -- this user goes to page 2
      owa_util.redirect_url('f?p=' || v('APP_ID') || ':2:' || v('SESSION') ':');
    else
      -- everybody else goes to page 1
      owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION') ':');
    end if;
    end;
    Then for your auth scheme you enter your procedure name in the "Post-Authentication Procedure Name" field.

    Hey, please remember to post your APEX version on your questions. On previous versions of APEX I would have done this a little different.
    Thanks
    -Jorge
  • 3. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    Jorge
    good idea I'll create a proc as backend object in the DB and call it schemaname.proc_authorization from "Post-Authentication Procedure" then let you know,

    iam using apex 4.1.1,

    thank you.
  • 4. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    Jorge
    Ive used the V('') expression before in DB triggers but in the below code i created my procedure in the database side(no apex side) and the expression v('') cannot be recognized it failed the compilation why so?
    procedure post_proc
    is
    begin
    if v('APP_USER') = 'SPECIAL_USER' then 
    v('APP_ITEM_STATUS') := 1;
    
      owa_util.redirect_url('f?p=' || v('APP_ID') || ':2:' || v('SESSION') ':');
    else
    v('APP_ITEM_STATUS') := 2;
    . . . . 
    end if;
    end;
    thank you.
  • 5. Re: controlling authorization flow
    scott.wesley Guru
    Currently Being Moderated
    It's not the v() function, is your missing concatenator which was picked up here:
    Re: How to determine landing page based upon a page item value in login page..?
    || v('SESSION') || ':');
  • 6. Re: controlling authorization flow
    jrimblas Expert
    Currently Being Moderated
    The v function is well a function and cannot be used for assignments.
    So
    v('APP_ITEM_STATUS') := 1;

    is just invalid.

    If you want to set an apex item there's an API for that.
    Do something like this:
    apex_util.set_session_state('APP_ITEM_STATUS', '1');
    This is in addition to the concatenation error that Scott pointed out already.

    Thanks
    -Jorge

    Edited by: jrimblas on Mar 26, 2013 8:52 PM
  • 7. Re: controlling authorization flow
    scott.wesley Guru
    Currently Being Moderated
    twice I didn't bother reading the entire code block - and missed the obvious!
  • 8. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    scott,
    well now iam getting another error, when i put my procedure call in the "Post-Authentication Procedure Name" section in Apex
    part of the procedure code is like,
    
    IF ..... THEN
        owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
    
    .....
    
    then when i log out and back in to run my application iam now getting this error,
    
    *The page isn't redirecting properly*
          
      *Firefox has detected that the server is redirecting the request for this address in a way that will never complete.*
         
    
      *This problem can sometimes be caused by disabling or refusing to accept*
        *cookies.*
    what could be the problem again....

    thank you.
  • 9. Re: controlling authorization flow
    jrimblas Expert
    Currently Being Moderated
    I think we need to see the procedure.
    AND very important, is there old code from a previous attempt to do the branch/redirect? Like for example Branch on the page your landing on?

    Thanks
    -Jorge
  • 10. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    Jorge

    This is all i have in procedure and looks straight forward i dont understand why iam getting this error above,
     PROCEDURE PROC_ACCESS_LEVEL IS
        v_access_level number := 0 ;
        BEGIN
        
            select count(*) into v_access_level
            from emp where deptno = 20;
              
    
    IF v_access_level >= 1 THEN
    
        owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
    
        ELSE
    
       owa_util.redirect_url('f?p=' || v('APP_ID') || ':3:' || v('SESSION')|| ':');
        END IF;
    
    
      EXCEPTION
              WHEN OTHERS THEN
      NULL;
        
        END;
    then i called it from Authentication scheme section ==> Post-Authentication Procedure Name : SCHEMANAME.PROC_ACCESS_LEVEL .


    thank you.
  • 11. Re: controlling authorization flow
    jrimblas Expert
    Currently Being Moderated
    So is this the procedure you're placing in the "Post-Authentication Procedure Name" field?

    Not that it has anything to do with the error, but don't you want the user (as v('APP_USER') for example) somewhere in there?

    Also remove the
    EXCEPTION
              WHEN OTHERS THEN
      NULL;
    It's bad practice and there's some problem you won't know about it.

    -Jorge
  • 12. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    Jorge,
    Yes i do i was just making it simple and clear to understand its something like this in my query.... others as i gave before
            select count(*) into v_access_level
            from employee s where s.deptid = '20' and UPPER(s.empid) =UPPER(v('APP_USER')) ;
    thank you.
  • 13. Re: controlling authorization flow
    Gor_Mahia Explorer
    Currently Being Moderated
    Jorge,
    can you take a look at my sample

    if i apply the proc call under authentication scheme i cant even run the application now. it doesn't allow login at run-time and no error displayed?
    app id=760
    wkspace/userid/pswd=proj2010/demo123/demo123


    thank you.
  • 14. Re: controlling authorization flow
    jrimblas Expert
    Currently Being Moderated
    Ok, very weird, but it's working now.
    After lots of poking, I simply change the procedure to
    create or replace PROCEDURE PROC_ACCESS_LEVEL IS
        v_access_level number := 0 ;
        BEGIN
        
            select count(*) into v_access_level
            from emp where deptno = 120;
              
     
    IF v_access_level >= 1 THEN
     
    --    owa_util.redirect_url('f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
       apex_util.set_session_state('FSP_AFTER_LOGIN_URL','f?p=' || v('APP_ID') || ':1:' || v('SESSION')|| ':');
     
        ELSE
     
       apex_util.set_session_state('FSP_AFTER_LOGIN_URL','f?p=' || v('APP_ID') || ':3:' || v('SESSION')|| ':');
        END IF;
    
     
    END;‚Äč
    The FSP_AFTER_LOGIN_URL is used for deep linking to send a user to a given page after login.
    The nice thing about using FSP_AFTER_LOGIN_URL here is that if you still want to allow deep linking you can check IF FSP_AFTER_LOGIN_URL is null or not null and override it if needed.

    There you go! Hope this helps.
    Thanks
    -Jorge

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points